Getting Your Foot In The DoorJust about every day or two, people come to these forums and ask the same typical question; "Where do I begin?", "How do I do this?", "Will you help me do this?". To make it easier for aspiring hackers, I have decided to take my time and make this post, which will outline some of the many things that will help you along your journey. I use the word journey, because it is going to be one. Do not think of hacking as something that you are just going to learn over a day, a week, a month, or even years. If you are serious, take the time to read this post. Yes it is long, yes you may know some of it. Does it hurt you, no. Can you possibly gain something from this, yes. This is almost a test to see how much you are willing to learn. If you are not willing to read a lengthy topic regarding how to get your foot into the door, then do not bother trying to learn at all.

What This Post Is And Is NotThe information in this is not a clear cut doorway to hacking, it merely sets the footprints that you can follow and hopefully divert away creating your own footsteps as a hacker. This post goes over the very basic fundamentals and ideology behind hacking.

What is Hacking?You need to understand that while hacking is a way of manipulating something in a way that it was not meant to, it is also a lifestyle. This lifestyle is one that you personally have to conform to. No one can do this for you; and believe me if we could, this world would be a much better place. Say for instance that some hacker sent you a program he created that could pretty much deface any website ever made by a zero day exploit, if you use this and deface 1,000,000 sites, does that really make you a hacker? The answer is no. Why is the answer no? Because, you have no understanding of how the program you are using works. To be able to understand, problem solve, create, take apart, and know what and how something is working, that is the skill set of a true hacker. If you made a program so easy to hack with that your grandmother could log onto your computer, press a button and "boom", a site gets defaced, that does not make her a hacker.

The Hackers LifestyleSo what is a typical hacker's lifestyle? Hackers whether black hat, white, or grey, all have the same drive in their mind. The drive they have is for that of knowledge, wisdom, and understanding. To know how something was created, and to be able to recreate it, or better yet, to be able to take that program that Bob Joe the information security guru made, break it down, learn it, and make it even better, that is the drive. If no one was able to hack into a program, or manipulate it, there would be no hackers, and there would never be any advancement in technology.Where To StartSo now you want to know where to start? I can understand that some may feel lost, but all of you that ask this question, are somewhat on the right path. Let me explain... Hackers research, study, understand, recreate, and then learn. You showed some sort of research because you ended up on hts.org! So do you think posting a question on the forums saying, please help me hack a facebook account is going to give you any knowledge? No, hacking is one of a personal experience, and as said before a lifestyle that you must choose to carry out. What a hacker will do for upcoming and inspired hackers is to lead them into the right direction to gain the knowledge and understand, that may one day lead to them being able to hack a facebook account. Honestly, you can look on my user-profile here, there is a kid that asked me a while back "can you teach me to hack fb", most of the time with poor English, and ignorance. I am not trying to sound rude, as I know some people are foreign and have a hard time, but him asking me to show him how to 'hack a fb' shows his ignorance. The questions I would love to see more often, is ones like "I really enjoy hacking and learning new things. I was wondering if anyone had any knowledge of what I could learn to possibly push me towards the direction of being able to hack a facebook account". It doesn't take a genius to see the difference in the posts, and the big separation from ignorance, and being inspired to learn.

What Hackers Will and Will Not Do So in short, no, we will not take the time out of our day to fully go over something that we probably learned years ago if you show ignorance. Why would we, when we can be studying or working on a project far more advanced. As a hacker myself, I am more inspired looking at people who are willing to learn, who are devoted, and show signs of research before posting into the forums. To ask the question "Where do I start hacking" on these forums is pretty absurd, and sad that I need to post this on a hacking forum, just take a look at this link I quote this as of Jan, 25th, 2013; "About 26,500,000 results" Twenty six million, five hundred thousand results, give or take! You mean to tell me that you could not get any information out of that? This is the problem with upcoming hackers. The education system teaches you everything, how to do this, how to do that. What they fail to teach you is creativity such as trying to find another way to do this, and to do that. With this lack of creativity, some upcoming hackers expect some sort of supreme person with knowledge, to tell them how it is done. The answer is in a lot of the 26 million websites on Google. So here I am saying that if you truly call yourself a hacker, or want to become one, do a little research; it is what we have done for years. The time it takes for someone on a forum to get back and post to you, you could have already had an answer from the information from many of the millions of different sites. We refuse to help people who will not first try and help themselves.Now What Do You Do?So other than researching, and living a hacking lifestyle, what do you need to do?If you find yourself asking this question, you clearly have not learned enough or desired to, but in this post, I will make an exception and draw an outline. Now personally, your list may be different, and this comes down to personal preference, and what you want to do. There is a variety of fields involved with hacking, and choosing your option, is not something I need to do. Maybe you want to learn how to crack wifi or maybe deface a website for no fucking reason, but you realize in your learning experience that you are just flat out great at programming. You may then want to become a programmer. So in a summary, I can not choose your path for you, nor do I know which roads you will take after you start. Therefor, I can not and will not try to draw a logical field for you to start in.

Make The SwitchSo to start this off, I will be very blunt on this, and will be regarding most of the things you need based on this. Switch to Linux! Windows just will not do the job as efficiently as Linux can. If you must, at least dual boot or install a USB/CD based Linux os. Why Linux? Linux is free, open source, comes with many installed tools needed for programming out of the box, updates are more frequent/faster, has less of a user population, and can be highly customized. If you are not sure why that is important, just save me the time of typing out the endless benefits of Linux versus other operating systems, and thank me in the future when you are less ignorant on the subject. As a side note, I am not at all familiar with Mac's, but I know they can be highly efficient as well. I say this after seeing many spokesman from Defcon presenting incredible projects using a Mac os, and it made it obvious to me that they can be optimized for hacking.

A Question To Ask YourselfSo next you need to know what fields drive you to want to learn. What do you want to understand? What do you want to know how to do? What will inspire you to keep learning, and not to give up? Make an outline if you must, and ask yourself simple questions, and you are on your way to becoming a hacker already. Here is a list of some of the main hacking categories:

Learn how to programSo, no matter what form of hacking you want to take on (crypto and forensics, to web apps and kernels) programming knowledge is going to be essential. Let's talk about why these two things are so closely related... To start off, everything you are using from your operating system to your browser, was all developed by some programmer(s) somewhere. So, that's cool, we know that this stuff is being developed of course, but how are hackers closely related? Well, for someone to become a successful hacker, they will need to know how these things are working, at the core. Once you start to understand how these things are being developed, you will also become aware of how insecure they can be, and how things can be manipulated to give different or unexpected results. In programming, things usually follow a paradigm of asking for some input, and then doing one or more options based on that input. In actuality, most of your life decisions follow this exact same paradigm. For instance, when you wake up, you might ask yourself: "Do I need to eat breakfast at home before I leave for work?", if you don't have enough time, you would choose to, otherwise you would choose not to eat at the house. Another exception you could add into this would be that if it's the weekend, you will choose either one, depending on how you feel, it really wouldn't matter. So to do this in a programming language, it might look similar to this (I will be using the Ruby programming language in this example, as I find Ruby has an easy to follow syntax)

# Split the string by the spaces and store it in an arrayhour = time.split(' ')[3]

# Split the time by colons H:M:S, get the hourhour = hour.split(':')[0].to_i

# Check if the time is Saturday or Sunday# If the time is Saturday or Sundayif time =~ /sat|sun/i # Let the user know that there isn't a direct choice dependent on time puts "No need to rush for breakfast today, your choice..."

# If the time is not Saturday or Sundayelse # If the hour is past 7am if hour > 7 # Tell the user to pick up food puts "It's past 7am, I should eat at home today."

# If the time is not past 7am else # Tell the user they can eat at home puts "It isn't even 7am yet, I could sit at home and eat today." endend

To see the code on an online interpreter, click hereSo you can think of programming maybe the same way as a car. If you know how a car works, and how to put one together, you could take parts off, and make it too fast to be legal, which would be a perfect example of hacking (using something in a way it was not originally intended, and getting different results than was intended by the designer).

A big question you will first ask is "What programming language should I learn first?" and this is something I can't answer. The language you wish to learn is going to depend on what you want to do. If you want to exploit web apps, you are not going to want to learn C#, you would want to learn PHP/MySQL and other web based languages. If you want to exploit operating systems, you would want to learn ASM/C, not ASP or similar. For an outline of some of the most popular languages and what they are used for, click here. This should help you determine a good language to learn depending on what hacking path you are choosing to take on.

The reasons why hackers exist, is because the programmers need to tell the computer what to do with every input that it receives. It's not always the case that programmers will have everything secure and restricted correctly, and for the most part, they may not even be aware that their program is exploitable. For example, if a programmer had a script that would send you your confidential user information after you gave it your user name, and the programmer did not secure the program to negate a user getting the information of other users, you could get any other user's confidential information as well; and thus the hacker is born. To show a little working example of this, I will also demonstrate this in a short Ruby script:

and for a live demonstration, click hereNow, as you can see, there isn't many security checks being taken or considered. What if a user doesn't enter anything? What if they enter in another users name? This is how hacking happens, from (not always but mostly) poor programming habits. So, you should make it your job to find out those common (and uncommon) flaws, and take advantage of them to become a decent hacker.

Kali Linux- The quieter you are, the more you are able to hear. (Rebirth?)Luckily for you, there is a free Linux system designed for these specific tasks. It's called Kali Linux, which is a branch off of Backtrack, and will prove helpful to you. As of now, the latest release is Kali Linux 1.0. You can click on this link to download the operating system. It comes with hundreds of hacking tools installed on the operating system already, and has been optimized for the greatest hacking capabilities for any Linux distribution out of the box. In Kali Linux, you will find everything you can imagine from website hacking, reverse engineering, cryptography, to social engineering. I highly recommend you download the os, and get familiar with it, and a little advice for anyone that will be new to Linux, or installing Kali:- Do not use Kali if you are unfamiliar with Linux, use an easier distribution first, such as Ubuntu- Do not run as root! If you are using Kali you should know what you are doing, but if you are still learning, how to *nix, do not run as root!- If you have questions, about the os or issues, refer to the Kali Linux Forums! The people who made the product are the people with the best intentions and capability to help you, not others.

Once you have Kali Linux, it is up to you where your experience will take you. I recommend learning how the tools work by researching, and not posting before so.

Testing Your Skills Legally1. Hackthissite.org Hackthissite in my opinion is one of the most fun ways to practice your hacking skills. As you know, there are the forums and a large community at hand to help you in times of trouble, and to point you in the right direction if you are stuck. One of the best things about hts is that it takes no configuration to set up a pentesting environment.I recommend you to dive into the plethora of challenges offered here!

2. DVWA - Damn Vulnerable Web App DVWA is a free PHP/MySQL web application you can download, and easily set up. The application has several ranges of exploit types to play with (SQLi, XSS, XSRF, Bruteforce, etc), and allows you to change the difficulty of each attack with three options: low, medium, and high.Installation Instructions If you have any problems and can't find a solution, get on IRC and join channel #coffeesh0p for assistance.

4. Vulnhub Similar in concept to metasploitable, with a vast range of different vulnerable virtual machines.Here is some cool stuff to read about creating a pentesting lab.

Other Useful ThingsOther things I recommend would be to learn about how to become more anonymous and hidden, this is essential in today’s world. Be well in mathematics and algorithms. Also, if someone asks you, where do I start? Tell them, and try to help. That is the problem we have in this world, so much creativity and imagination shut down because of their delusion of a education system that teaches one way problems and one way solutions, and the lack of free knowledge spread for the advancement in hacking and society in general. Nothing can evolve without change, make the change, and watch the evolution unfold, that is the beauty.

I'm also going to link you guys to an article created by Defience. This article hackthissite.org/articles/read/1059 <-- to the left (I can't link it as HTS has a restriction on URL links allowed per post) will get you started a little bit with actually hacking, and some other fundamental knowledge not thoroughly covered here.

Enjoi, and as usual - Stay nerdy!

Last edited by -Ninjex- on Thu Sep 18, 2014 9:03 am, edited 14 times in total.

1. No system is safe.2. Aim for the the impossible.3. Have fun in cyberspace and meatspace.

I really hope it does stop people asking the same questions over and over again.

I do wonder though if it's possible to learn to be a hacker if you don't already have the hacker mentality - the desire to really learn how stuff works and understand it fully.

I suspect that a lot of people that visit this site will think that hacking is just about breaking into computers and networks but it is so much more than that.

Thank you for taking the time to read and post on this. I as well hope that this will stop people from asking, but I know it will not. I can at least just reference them to this link.For your question, my personal opinion would be that you can not conform a man/woman to a hacker's lifestyle, he/she must do that alone. I also believe that person would have never of had the drive to obtain the skillset of a hacker, if they are not using a hacker's mentality, and if he/she has the knowledge to perform like one.

1. No system is safe.2. Aim for the the impossible.3. Have fun in cyberspace and meatspace.

A good read, indeed. I've already taken a lot of steps mentioned in this guide. I've put up a dual-boot xp/ubuntu box on a secondary PC, and made good strides learning html, javascript, and php on w3schools with a xampp server. Somehow I don't yet feel any wiser, or adept at hacking. I intend to keep going, but how long is this gonna take before I start feeling like I've made progress towards being able to exploit weaknesses and find loopholes in systems?

Haven't started using BT yet, maybe this is the missing link? I've been avoiding it because I really feel like I'm going to end up as a script kiddie if I just start using premade tools.

corbonium wrote:I really feel like I'm going to end up as a script kiddie if I just start using premade tools.

There is nothing wrong with using tools. As long as you know what's going on. Anyone can youtube a 2 min guide to hacking WEP encrypted networks using the aircrack-ng suite. But do you really know what you are doing when you execute these commands? This is the difference between a skiddie and someone in the pursuit of bettering their skills and understanding.

"The quieter you become, the more you are able to hear...""Drink all the booze, hack all the things."

corbonium wrote:Haven't started using BT yet, maybe this is the missing link? I've been avoiding it because I really feel like I'm going to end up as a script kiddie if I just start using premade tools.

BT's not going to help much at your level. Keep learning, building stuff, and working on some of these missions. These missions might not pertain directly to what you are hoping to learn but they will force you to research and test out various things.

The glass is neither half-full nor half-empty; it's merely twice as big as it needs to be.

Limdis, thank you for reading up on the post, and I am glad you enjoyed it!Fas, if you fixed my title, thanks for that, as well as making it a sticky!

Now,

corbonium wrote:A good read, indeed. I've already taken a lot of steps mentioned in this guide. I've put up a dual-boot xp/ubuntu box on a secondary PC, and made good strides learning html, javascript, and php on w3schools with a xampp server. Somehow I don't yet feel any wiser, or adept at hacking. I intend to keep going, but how long is this gonna take before I start feeling like I've made progress towards being able to exploit weaknesses and find loopholes in systems?

Haven't started using BT yet, maybe this is the missing link? I've been avoiding it because I really feel like I'm going to end up as a script kiddie if I just start using premade tools.

I can not tell you how long it will be until you feel like you are any wiser on the subject, that is totally based on your feelings, and how much you are striving to advance. I believe you are smarter than the average noob that comes around, as you have shown research, as well as a push towards your goal(s). If you keep the right mindset, as well as learning, you will be fine. Stop worrying about time, and worry about learning, the rest will unfold.

For the BT5 as Limdis pointed out, it is not using a tool that makes you a skid. If you use a tool without understanding the mechanics behind it, that will make you a skid. I highly recommend that with your mindset and goals, that you go ahead and try out BT5.

1. No system is safe.2. Aim for the the impossible.3. Have fun in cyberspace and meatspace.

I've tried ubuntu and debian, and can figure out how to do most things with the internet and the commands "man", "help", and "info". I know my way around the filesystem (It makes so much more sense than the windows one! ), and I know a bit about file permissions. Do I count as experienced?

And also, why not use BT as your main distro?

Thanks,3vilp4wn

Do not mistake understanding for realization, and do not mistake realization for liberation